📢 IBM has just published a vulnerability bulletin concerning the Rational Developer for i (RDi) development environment.
🚨 Two vulnerabilities have been identified in Code Coverage:
✔️ [CVE-2024-47554] Denial of Service (DoS) in the PDF Exporter module 🛑
✔️ [CVE-2024-45801] Arbitrary code execution in the Reports module ⚠️
🔎 Vulnerability details
🔴 [CVE-2024-47554] Denial of service via Apache Commons IO
🔹 Impact: A flaw in the Apache Commons IO library can lead to uncontrolled resource consumption, causing a denial of service (DoS) of the component that uses it.
🔹 How could this happen? A remote attacker sends specially crafted input that the library processes; handling it exhausts the system's resources until the service is unavailable.
🔹 CVSS score: 5.3 / 10
⚠️ [CVE-2024-45801] Arbitrary code execution via DOMPurify
🔹 Impact: A prototype pollution flaw in the DOMPurify library (an HTML sanitizer written in JavaScript) could allow an attacker to execute malicious code or cause a DoS.
🔹 How could this happen? By modifying certain Object.prototype properties, an attacker changes the behaviour of every object that inherits from it, which lets content the sanitizer should have stripped pass through and inject arbitrary code.
🔹 CVSS score: 7.3 / 10
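As an added illustration (not code from IBM, DOMPurify or this bulletin), the JavaScript below shows the general mechanism named above: a deep-merge of untrusted JSON writes through `__proto__` onto `Object.prototype`, after which a toy tag allowlist that consults inherited properties accepts a tag it should reject. The merge function, the allowlist, the `isAllowed*` helpers and the attacker JSON are all constructed for this example and are not the DOMPurify flaw itself; the hardened versions show the two standard fixes, a null-prototype lookup table checked with `hasOwnProperty`, and a merge that refuses the `__proto__`, `constructor` and `prototype` keys.

```javascript
// Added example: generic prototype pollution and its hardening.
// Constructed toy code, NOT DOMPurify's code and NOT the CVE-2024-45801 exploit.

// Hypothetical deep-merge with the classic flaw: it copies every key of
// untrusted JSON, including "__proto__". For a plain object, target["__proto__"]
// is Object.prototype, so the recursion writes attacker keys onto it.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (typeof value === "object" && value !== null) {
      if (typeof target[key] !== "object" || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: skip the keys that reach the prototype chain and only
// descend into properties the target actually owns.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue; // constructed policy: drop, do not copy
    const value = source[key];
    if (typeof value === "object" && value !== null) {
      const owned = Object.prototype.hasOwnProperty.call(target, key);
      if (!owned || typeof target[key] !== "object" || target[key] === null) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Toy allowlist of HTML tags (constructed). The vulnerable lookup uses a plain
// object literal, so a missing key falls through to Object.prototype: once an
// attacker has set Object.prototype.script = true, "script" is "allowed".
const ALLOWED_TAGS_VULNERABLE = { b: true, i: true, p: true };
function isAllowedVulnerable(tag) {
  return Boolean(ALLOWED_TAGS_VULNERABLE[tag.toLowerCase()]);
}

// Hardened lookup: a table with no prototype at all, consulted with an
// own-property check, so pollution of Object.prototype cannot influence it.
const ALLOWED_TAGS_HARDENED = Object.assign(Object.create(null), { b: true, i: true, p: true });
function isAllowedHardened(tag) {
  return Object.prototype.hasOwnProperty.call(ALLOWED_TAGS_HARDENED, tag.toLowerCase()) === true;
}

// Constructed attacker-controlled JSON, e.g. a "settings" document an
// application would merge into its defaults. JSON.parse creates an own
// property literally named "__proto__", which unsafeMerge then walks into.
const ATTACKER_JSON = '{"theme":"dark","__proto__":{"script":true}}';

// Runs the attack against the vulnerable merge and reports what each lookup
// says before and after. Cleans Object.prototype up afterwards so the
// pollution does not leak into the rest of the process.
function demoUnsafe() {
  const before = { vulnerable: isAllowedVulnerable("script"), hardened: isAllowedHardened("script") };
  unsafeMerge({}, JSON.parse(ATTACKER_JSON));
  const polluted = Object.prototype.script === true;
  const after = { vulnerable: isAllowedVulnerable("script"), hardened: isAllowedHardened("script") };
  delete Object.prototype.script;
  return { before, after, polluted };
}

// Same payload through the hardened merge: the legitimate key survives,
// the prototype is untouched.
function demoSafe() {
  const merged = safeMerge({}, JSON.parse(ATTACKER_JSON));
  return { leaked: Object.prototype.script === true, theme: merged.theme };
}

console.log("unsafe merge:", JSON.stringify(demoUnsafe()));
console.log("safe merge:  ", JSON.stringify(demoSafe()));
```

Run it with `node` and compare the two lines: after the unsafe merge, `isAllowedVulnerable("script")` flips from `false` to `true` without the allowlist object itself ever being modified, which is exactly why a sanitizer's internal lookups must not trust inherited properties.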
📌 Official source: 🔗 View the IBM alert
✅ How to correct these flaws?
💡 IBM recommends installing the 9.8.0.3 interim fix for RDi immediately.
✔️ Great news! 🎉 The i.Gayte.IT team installed it without any difficulty!
✔️📸 A screenshot with the installation steps is available below.
⚠️ Don’t delay in applying this patch to secure your development environment!
⚡ Act now to secure your IT environment with STR-iCT!
🔐 Keep up to date with the latest cybersecurity alerts! 🚀